Russian hackers hit US government using widespread supply chain attack
Russia’s Cozy Bear is trojanizing business software to infect organizations worldwide. …
Russian hackers have breached networks belonging to the US government and private organizations worldwide in a widespread espionage campaign that uses the global software supply chain to infect targets.
The US Treasury and Commerce departments are among the US government agencies hit in an operation that multiple news outlets, citing people familiar with the matter, said was led by Cozy Bear, a hacking group believed to be part of the Russian Federal Security Service or FSB. Word of attacks arrived on Sunday, five days after FireEye, the $3.5 billion security company, said on Tuesday it had been hacked by a nation state.
On Sunday night, FireEye said the attackers were infecting targets using Orion, a widely used business software app from SolarWinds. After taking control of the Orion update mechanism, the attackers were using it to install a backdoor that FireEye researchers are calling Sunburst.
wrote. “The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East. We anticipate there are additional victims in other countries and verticals. FireEye has notified all entities we are aware of being affected.”
After using the Orion update mechanism to gain a foothold on targeted networks, Microsoft said in its own post, the attackers are stealing signing certificates that allow them to impersonate any of a target’s existing users and accounts, including highly privileged accounts.
In a separate post FireEye said it has